CCNA Ace Planning Configuring Questions

75 of 88 questions · Page 1/2 · Ace Planning Configuring topic · Answers revealed

1
MCQ · medium

A company wants to use Cloud Run to deploy a containerized API that requires up to 8 GB of memory per request. The API experiences unpredictable traffic spikes. They want to minimize cost while ensuring fast cold starts. Which configuration should they use?

A. Use Cloud Run jobs instead of Cloud Run service
B. Deploy the container to GKE Autopilot with a single pod
C. Set max-instances to a high number and min-instances to 0 with CPU always allocated
D. Set min-instances to 1 and max-instances to a value that handles peak traffic with CPU throttled
Answer: D

min-instances=1 reduces cold starts, max-instances controls cost, and CPU throttled (default) is cost-effective.

Why this answer

Cloud Run supports up to 8 GB memory per container (as of 2024). Setting min-instances to a small number (e.g., 1) reduces cold starts, while max-instances limits costs during spikes. CPU boost can also speed up cold starts.

Using CPU always allocated increases costs, so CPU throttled (default) is fine. The question emphasizes cost minimization, so setting a minimal min-instances is appropriate.

2
MCQ · medium

A company wants to set up a hybrid network between their on-premises data center and Google Cloud. They need a highly available VPN connection with 99.99% SLA. Which VPN solution should they choose?

A. Classic VPN
B. HA VPN
C. Cloud Interconnect
D. Cloud NAT
Answer: B

HA VPN provides 99.99% SLA when properly configured with two external IP addresses on the cloud side and two on-premises gateways.

Why this answer

HA VPN offers a 99.99% SLA (with certain conditions) when configured with two interfaces and two tunnels to two on-premises VPN gateways. Classic VPN does not provide an SLA.

3
MCQ · easy

A company wants to run a stateless containerized web application that scales to zero when not in use. The application receives HTTP requests and must be billed only for the resources consumed during request processing. Which Google Cloud compute service is most appropriate?

A. Google Kubernetes Engine (GKE) Standard
B. Cloud Run
C. Cloud Functions
D. Compute Engine
Answer: B

Why this answer

Cloud Run is a serverless container platform that scales to zero and charges per request, CPU, and memory used during request processing. It is ideal for stateless HTTP-triggered workloads.

4
MCQ · medium

A company is migrating a legacy monolithic application to Google Cloud. The application has unpredictable traffic patterns and long-running connections. The team wants to minimize operational overhead and only pay for resources when the application is processing requests. Which compute option should they choose?

A. Google Kubernetes Engine (GKE) Autopilot cluster
B. Compute Engine with managed instance groups and autoscaling
C. Google Kubernetes Engine (GKE) Standard cluster with node autoscaling
D. Cloud Run
Answer: D

Cloud Run is serverless, scales to zero, and bills per request, making it ideal for unpredictable traffic patterns with minimal overhead.

Why this answer

Cloud Run is a serverless compute platform that scales to zero when not in use, has a per-request billing model, and supports HTTP-triggered container workloads. It can handle long-running connections as long as they stay within the request timeout limit. Cloud Run minimizes operational overhead by eliminating server management and scaling automatically.

5
MCQ · easy

An organization needs a NoSQL document database with real-time synchronization across multiple client devices. Which Google Cloud service should they use?

A. Firestore
B. Cloud SQL
C. Cloud Bigtable
D. Cloud Datastore
Answer: A

Firestore is a document database with real-time synchronization capabilities.

Why this answer

Firestore is a NoSQL document database that provides real-time listeners for syncing data across devices, making it ideal for mobile and web applications requiring live updates.

6
MCQ · easy

A user wants to estimate the monthly cost of running a Compute Engine VM with 8 vCPUs, 32 GB of memory, and a 100 GB persistent disk in us-central1 for one year. They plan to use the VM 24/7. Which tool should they use?

A. Google Cloud Pricing Calculator
B. Cloud Asset Inventory
C. Cloud Billing reports
D. Cloud Monitoring
Answer: A

The Pricing Calculator is designed for cost estimation before deployment.

Why this answer

The Google Cloud Pricing Calculator allows users to estimate costs for GCP services, including Compute Engine instances with specific machine types, persistent disks, and usage duration.

7
MCQ · hard

A developer is deploying a Cloud Function that processes messages from a Pub/Sub topic. The function takes 10 minutes to complete each message. The developer needs to ensure that messages are not lost if the function fails. Which Cloud Function generation and configuration should they use?

A. Cloud Functions (2nd gen) with an event-driven trigger from Pub/Sub and retry on failure
B. Cloud Functions (1st gen) with an HTTP trigger and a Pub/Sub push subscription
C. Cloud Functions (2nd gen) with an HTTP trigger
D. Cloud Functions (1st gen) with a background function and retry on failure
Answer: A

2nd gen supports up to 60-minute timeout and event-driven triggers, with retry enabled.

Why this answer

Cloud Functions (2nd gen) supports longer timeouts (up to 60 minutes) and event-driven triggers like Pub/Sub with retries. 1st gen has a max timeout of 9 minutes. Retry on failure is configured in the subscription. Background functions are 1st gen.

8
MCQ · easy

A company wants to run a stateful application that requires persistent storage on individual VMs. The VMs are not part of a managed instance group. Which Google Cloud storage option is best for this use case?

A. Local SSD
B. Cloud Storage
C. Filestore
D. Persistent Disk
Answer: D

Why this answer

Persistent disks are durable block storage that can be attached to a single VM and persist independently of the VM lifecycle. Cloud Storage is object storage; Filestore is file storage; local SSDs are ephemeral and lose data on VM stop/termination.

9
MCQ · medium

A DevOps engineer is using the Google Cloud Pricing Calculator to estimate the monthly cost of a Compute Engine VM running 24/7 for one month. The engineer selects a machine type and adds sustained use discounts. What is the correct way to apply sustained use discounts in the calculator?

A. Manually enter a discount percentage
B. The calculator automatically applies sustained use discounts based on monthly usage
C. Select 'Sustained Use Discount' checkbox
D. Sustained use discounts are not applicable to Compute Engine
Answer: B

Why this answer

Sustained use discounts are automatically applied by Google Cloud based on the number of hours a VM runs per month. The calculator includes them automatically when you specify the monthly usage.

10
MCQ · easy

An engineer needs to create a Cloud Storage bucket for storing archival data that will be accessed less than once a year. The data must be stored durably and cost-effectively. Which storage class should the engineer use?

A. Coldline
B. Standard
C. Archive
D. Nearline
Answer: C

Archive class is for data accessed less than once a year, with the lowest storage cost.

Why this answer

Archive storage class is designed for data accessed less than once a year, with the lowest storage cost but higher retrieval costs and a 365-day minimum storage duration. It is ideal for long-term archival.

11
MCQ · medium

A company needs to provide outbound internet access to private Compute Engine instances that do not have external IP addresses. The instances must be able to download updates from the internet. Which service should be configured?

A. VPC peering
B. Cloud VPN
C. Cloud NAT
D. Private Google Access
Answer: C

Why this answer

Cloud NAT enables private instances to access the internet for outbound connections while blocking inbound connections from the internet.

12
MCQ · medium

An organization stores sensitive data in Cloud Storage. They need to ensure that objects are encrypted at rest using a key that they manage and rotate themselves. Which Cloud Storage encryption option should they use?

A. Use customer-supplied encryption keys (CSEK)
B. Use customer-managed encryption keys (CMEK)
C. Use client-side encryption
D. Use Google-managed encryption keys
Answer: B

CMEK allows you to manage keys via Cloud KMS, including rotation.

Why this answer

Customer-managed encryption keys (CMEK) allow you to manage your own keys via Cloud KMS. Google-managed keys are the default. Client-side encryption is done before upload. Customer-supplied keys (CSEK) are also customer-provided but are not managed via KMS.

13
MCQ · easy

A developer needs to run a one-time SQL query against a large dataset stored in Cloud Storage in Parquet format. The query result will be used for ad-hoc analysis. They want to minimize cost and avoid provisioning any servers. Which service should they use?

A. Cloud SQL import
B. Dataproc cluster
C. BigQuery external table query
D. Compute Engine with Apache Spark installed
Answer: C

BigQuery can query Parquet files in Cloud Storage directly using an external table, requiring no data loading and no server management.

Why this answer

BigQuery external table query allows you to query data stored in Cloud Storage (including Parquet) directly without loading it, using BigQuery's serverless infrastructure. This minimizes cost because you only pay for the data scanned by the query, and you avoid provisioning any servers. It is ideal for one-time ad-hoc analysis of large datasets.

Exam trap

Cisco often tests the distinction between serverless query services (BigQuery) and managed compute services (Dataproc, Compute Engine), where candidates mistakenly choose Dataproc thinking it is 'serverless' because it can be ephemeral, but it still requires provisioning VMs.

How to eliminate wrong answers

Option A is wrong because Cloud SQL import is designed for importing data into a relational database (MySQL, PostgreSQL, SQL Server) from a file, not for querying Parquet files in Cloud Storage directly, and it requires a running Cloud SQL instance (provisioned server). Option B is wrong because Dataproc clusters require provisioning and managing virtual machines (even if ephemeral), incurring compute costs for the cluster lifetime, and are not serverless; they are overkill for a one-time query. Option D is wrong because Compute Engine with Apache Spark installed requires provisioning a virtual machine, installing software, and managing the environment, which violates the 'avoid provisioning any servers' requirement and incurs costs even when idle.

14
MCQ · medium

A company wants to use Cloud Functions to process events from Cloud Storage when new objects are uploaded. They need the function to run in a specific VPC network for tight security. Which Cloud Functions generation supports VPC connectivity?

A. Cloud Functions (2nd gen) with VPC connector
B. Cloud Functions (1st gen) with VPC connector
C. Cloud Functions (2nd gen) with Cloud VPN
D. Cloud Functions (1st gen) with Cloud NAT
Answer: A

2nd gen supports VPC connectors and can run inside a VPC.

Why this answer

Cloud Functions (2nd gen) is built on Cloud Run and supports VPC connectivity via connectors or direct VPC. 1st gen does not support VPC connectors for ingress/egress in the same way. 2nd gen is recommended for VPC network integration.

15
MCQ · medium

A company needs to run a batch job every hour on a Compute Engine VM. The VM should be terminated after the job completes to save costs. The job is run from a script inside a custom container image stored in Container Registry. Which approach is the most cost-effective?

A. Create a VM with a preemptible instance setting and a startup script that runs the container, then shuts down the VM
B. Use a managed instance group with autoscaling and a target CPU load of 0%
C. Use a regular VM and stop it manually when the job finishes
D. Use Cloud Run with a scheduled job
Answer: A

Preemptible VMs are significantly cheaper and suitable for fault-tolerant batch jobs. The startup script automates container execution and shutdown.

Why this answer

Compute Engine preemptible VMs are up to 60-91% cheaper than regular VMs. For batch jobs that can be interrupted, they are highly cost-effective. Combining with a startup script that pulls and runs the container, and having the script shut down the VM after the job, minimizes costs.

16
MCQ · medium

An organization has a VPC with private instances that need outbound internet access for software updates. The instances have no external IP addresses. Which Google Cloud service should be configured?

A. VPC firewall rules
B. Cloud NAT
D. Cloud VPN
Answer: B

Cloud NAT provides outbound internet for private instances without external IPs.

Why this answer

Cloud NAT enables outbound internet connectivity for private instances without external IPs, using NAT translation.

17
Multi-Select · medium

A company has a Compute Engine instance that needs to access the internet for software updates, but the instance only has an internal IP address. Which TWO steps are required to enable outbound internet connectivity while keeping the instance private?

Select 2 answers
A. Create a VPC peering connection to a network with internet access
B. Create a firewall rule that allows egress traffic to the internet
C. Create a Cloud NAT gateway in the same region and VPC as the instance
D. Attach the instance to a load balancer
E. Assign a public IP address to the instance
Answers: B, C

Firewall rules must allow outbound traffic; otherwise, the NAT gateway may not be effective.

Why this answer

Cloud NAT allows instances with only internal IP addresses to access the internet for outbound connections. You also need to configure firewall rules to allow egress traffic (e.g., allow HTTP/HTTPS). A NAT gateway without firewall rules will not work.

18
MCQ · medium

A company is planning a lift-and-shift migration of an on-premises monolithic application to Google Cloud. The application runs on a single server and requires a specific kernel module that is not supported by Google Cloud's container-optimized OS. Which compute service should they use?

A. Compute Engine
B. Google Kubernetes Engine (GKE)
C. Cloud Run
D. Cloud Functions
Answer: A

Compute Engine provides full control over the VM and OS, allowing custom kernel modules.

Why this answer

Compute Engine offers full control over the VM, including choice of OS and kernel modules. GKE and Cloud Run use container-optimized OS, and Cloud Functions is serverless and unsuitable for a monolithic app.

19
Multi-Select · hard

A company wants to migrate a large on-premises MySQL database to Cloud SQL with minimal downtime. Which TWO steps should they take?

Select 2 answers
A. Set up a Cloud VPN connection between on-premises and Google Cloud
B. Use Database Migration Service (DMS) with continuous replication
C. Configure a read replica on-premises and promote it in Google Cloud
D. Use gcloud sql import command for the final migration
E. Export the database to a SQL dump file and import it to Cloud SQL
Answers: A, B

DMS uses Cloud VPN or Interconnect for secure replication.

Why this answer

Database Migration Service (DMS) can migrate with minimal downtime using CDC. For the final cutover, a brief write-stop is required to ensure consistency.

20
Multi-Select · hard

A company needs to store and analyze large amounts of log data (hundreds of terabytes) with occasional SQL queries. The data is rarely accessed after 30 days and must be kept for compliance for 7 years. They want to minimize storage costs. Which three actions should they take? (Choose THREE.)

Select 3 answers
A. Use Cloud Storage Object Lifecycle Management to move objects to Nearline after 30 days, then to Coldline after 90 days, then to Archive after 1 year
B. Store the data in BigQuery and use clustering on frequently filtered columns
C. Export older partitions from BigQuery to Cloud Storage and delete them from BigQuery after 30 days
D. Store the data in BigQuery and set an expiration on the table to delete data after 30 days
E. Use BigQuery partitions based on ingestion time and set partition expiration to 30 days
Answers: A, B, C

Lifecycle management automates transitions to lower-cost storage classes, reducing costs over time.

Why this answer

BigQuery is ideal for log analysis. For historical data, moving older data to lower-cost storage classes like NEARLINE or COLDLINE reduces cost. Partitioning and clustering improve query performance and reduce costs.

Cloud Storage is an alternative, but BigQuery is better for SQL queries.

21
MCQ · medium

A company has a private VPC with instances that have only internal IP addresses. These instances need to download updates from the internet. Which Google Cloud service should they use to provide outbound internet connectivity?

A. Cloud NAT
B. Cloud VPN
C. Assign public IP addresses to the instances
D. Identity-Aware Proxy (IAP)
Answer: A

Cloud NAT provides outbound internet access to private instances without public IPs.

Why this answer

Cloud NAT allows private instances to access the internet outbound while preventing inbound connections. Cloud VPN is for hybrid connectivity. Public IP addresses would expose the instances. IAP is for SSH/RDP access.

22
MCQ · hard

A company is running a stateful application on a Compute Engine instance with a 200 GB persistent disk. They want to reduce costs by moving the disk to a lower-cost storage class, but the disk is currently in use. They plan to take a snapshot of the disk and create a new disk from the snapshot with the new storage class. However, they need minimal downtime. What is the correct approach?

A. Use the 'gcloud compute disks update' command to change the storage class while the disk is attached to a running VM
B. Create a new disk with the new storage class and use rsync to copy data from the old disk while both are attached to the same VM
C. Take a snapshot of the disk, create a new disk from the snapshot with the new storage class, then detach the old disk and attach the new disk to the same VM
D. Stop the VM, take a snapshot, create a new disk with the new storage class, and start the VM with the new disk
Answer: C

This is the correct method; minimal downtime occurs when detaching/attaching.

Why this answer

To change the storage class of a persistent disk, you cannot directly change it; you must create a new disk from a snapshot. To minimize downtime, you can create a snapshot while the VM is running (crash-consistent if on a live instance), then create a new disk with the desired storage class, stop the VM, detach the old disk, attach the new disk, and start the VM. This results in a brief downtime but is the standard method.

23
MCQ · hard

An engineer is designing a VPC for a multi-tier application. The application has web servers that need direct internet access, and a private database tier that must not have public IP addresses. The database tier needs outbound internet access to download updates. Which network configuration should the engineer implement?

A. Place web servers in a subnet with Cloud NAT, and database servers in the same subnet without public IP
B. Place web servers in a subnet with public IPs, and database servers in a separate subnet with Cloud NAT and no public IP
C. Place both tiers in the same subnet with no public IPs and use Cloud NAT for all outbound traffic
D. Place web servers in a subnet with Cloud NAT, and database servers in a subnet with public IPs and firewall rules to restrict inbound
Answer: B

This separates tiers, provides outbound for database via Cloud NAT, and keeps database private.

Why this answer

Web servers should be in a subnet with public IPs or a Cloud NAT for outbound. The database tier must be in a private subnet without public IP, but needs outbound internet via Cloud NAT. This allows secure outbound without public exposure.

24
Multi-Select · medium

A company is migrating a legacy monolithic application to Google Cloud. The application consists of a web frontend, a business logic layer, and a MySQL database. They want to minimise operational overhead and use managed services where possible. Which two services should they choose? (Choose TWO.)

Select 2 answers
A. Cloud Functions for the business logic
B. Cloud SQL for MySQL to host the database
C. Cloud Run for the frontend and business logic
D. Compute Engine to host the frontend and business logic
E. Cloud Spanner for the database
Answers: B, C

Cloud SQL is a managed MySQL service that reduces database administration overhead.

Why this answer

Cloud SQL provides a managed MySQL database, eliminating database administration. Cloud Run or GKE can host the frontend and logic, but Cloud Run is serverless and reduces overhead. Compute Engine would require more management.

25
MCQ · medium

An organization wants to set up a hybrid cloud connection between their on-premises data center and Google Cloud VPC. They need high availability (99.99% SLA) and support for dynamic routing. Which connection method should they use?

A. Cloud NAT
B. Dedicated Interconnect
C. HA VPN with BGP
D. Classic VPN with static routing
Answer: C

HA VPN offers a 99.99% SLA, dynamic routing via BGP, and high availability through two tunnels.

Why this answer

HA VPN provides a 99.99% SLA, supports dynamic routing via BGP, and offers two tunnels for redundancy. Dedicated Interconnect also offers high availability but is a physical connection with higher cost. Partner Interconnect is similar to HA VPN but also physical. Classic VPN has no SLA.

26
MCQ · medium

A company wants to run a batch job that processes files from a Cloud Storage bucket and writes results to BigQuery. The job runs once daily and can take up to 30 minutes. Which compute option is the most cost-effective and requires the least operational overhead?

A. GKE Autopilot cluster
B. Cloud Functions (2nd gen)
C. Cloud Run jobs
D. Compute Engine with a preemptible VM
Answer: C

Cloud Run Jobs are designed for batch workloads, scale to zero when not running, and provide per-second billing. They require no cluster management and are cost-effective for daily 30-minute jobs.

Why this answer

Cloud Functions is event-driven, but for scheduled batch jobs, Cloud Run or Compute Engine are better. However, Cloud Run offers serverless execution with per-second billing and scales down to zero. It is cost-effective for short-lived jobs and requires minimal operational overhead.

27
MCQ · medium

A developer is using Cloud Functions (Gen 2) which is based on Cloud Run. They need to handle events from Cloud Storage when a new object is uploaded. Which event type should they use?

A. google.cloud.storage.object.v1.metadataUpdated
B. google.cloud.storage.object.v1.finalized
C. google.cloud.storage.object.v1.deleted
D. google.cloud.storage.object.v1.archived
Answer: B

Why this answer

In Cloud Functions Gen 2, the event type for Cloud Storage object finalization is 'google.cloud.storage.object.v1.finalized'.

28
MCQ · medium

A company needs to store petabytes of time-series IoT sensor data and query it with single-digit millisecond latency at millions of reads per second. The data has a simple key-value structure with timestamps. Which Google Cloud database is MOST appropriate?

A. Cloud Bigtable
B. BigQuery
C. Firestore
D. Cloud Spanner
Answer: A

Bigtable is the correct choice: wide-column NoSQL, designed for time-series and IoT workloads, single-digit ms latency, and scales to millions of QPS with additional nodes.

Why this answer

Cloud Bigtable is designed for exactly this use case — petabyte-scale, low-latency (single-digit ms), high-throughput NoSQL storage for time-series, IoT, and financial data. It scales horizontally by adding nodes. BigQuery is optimised for analytics (seconds-to-minutes latency), Cloud SQL is for OLTP (limited to tens of thousands of QPS), and Firestore is for document data with hierarchical structure.

29
MCQ · easy

Which Google Cloud service is a fully managed, serverless data warehouse for analytics at petabyte scale, with built-in machine learning capabilities and automatic scaling?

A. Cloud Storage
B. Dataproc
C. Cloud SQL
D. BigQuery
Answer: D

BigQuery is the correct serverless data warehouse for petabyte-scale analytics with ML.

Why this answer

BigQuery is a serverless, highly scalable data warehouse that supports SQL queries, automatic scaling, and integrated ML (BigQuery ML).

30
Multi-Select · medium

A company wants to run a containerized application on Google Cloud with minimal operational overhead. The application is stateless and can tolerate cold starts. Which three compute services should they consider? (Choose three.)

Select 3 answers
A. GKE Autopilot
B. Compute Engine
C. Cloud Functions
D. GKE Standard
E. Cloud Run
Answers: A, C, E

Why this answer

Cloud Run, Cloud Functions, and GKE Autopilot are all serverless or fully managed container platforms with minimal operational overhead. Compute Engine and GKE Standard require node management.

31
MCQ · medium

A company needs to store petabytes of time-series IoT sensor data and query it with single-digit millisecond latency at millions of reads per second. The data has a simple key-value structure with timestamps. Which Google Cloud database is MOST appropriate?

A. Cloud Spanner
B. Cloud Bigtable
C. BigQuery
D. Firestore
Answer: B

Bigtable is the correct choice: wide-column NoSQL, designed for time-series and IoT workloads, single-digit ms latency, and scales to millions of QPS with additional nodes.

Why this answer

Cloud Bigtable is the most appropriate choice because it is a fully managed, scalable NoSQL database designed for large analytical and operational workloads, handling petabytes of data with consistent single-digit millisecond latency for high-throughput read and write operations. Its key-value store with timestamp-based versioning is ideal for time-series IoT sensor data, and it supports millions of reads per second via its integration with Bigtable's HBase API and automatic sharding.

Exam trap

Cisco often tests the misconception that Cloud Spanner is the best choice for all high-throughput workloads due to its global scalability, but candidates fail to recognize that Spanner's relational model and strong consistency overhead make it unsuitable for the simple key-value, high-write-throughput pattern of time-series IoT data, where Bigtable's NoSQL design excels.

How to eliminate wrong answers

Option A is wrong because Cloud Spanner is a globally distributed relational database that provides strong consistency and SQL transactions, but it is optimized for transactional workloads with moderate throughput, not for the extreme write throughput and petabyte-scale storage of time-series IoT data, and its latency is typically higher than single-digit milliseconds at millions of reads per second. Option C is wrong because BigQuery is a serverless data warehouse designed for analytical queries on large datasets, not for real-time, high-throughput key-value lookups with single-digit millisecond latency, and it is optimized for batch and interactive SQL queries rather than point reads. Option D is wrong because Firestore is a mobile and web document database optimized for real-time synchronization and moderate workloads, but it cannot handle petabytes of data or millions of reads per second with single-digit millisecond latency, as it has throughput limits and is not designed for high-volume time-series ingestion.

32
MCQ · medium

A company is migrating a legacy monolithic application to Google Cloud. The application requires persistent storage and must be highly available with automatic failover across zones. The workload has a moderate number of reads and writes. Which storage solution meets these requirements?

A. Compute Engine persistent disk attached to a VM in a managed instance group
B. Cloud Storage with object versioning
C. Cloud SQL with a regional (HA) configuration
D. Cloud Spanner
Answer: C

Cloud SQL HA provides automatic failover to a standby in a different zone, ensuring high availability for relational databases.

Why this answer

Cloud SQL with regional (high availability) configuration replicates data synchronously to a standby instance in a different zone within the same region, providing automatic failover. It is ideal for legacy applications requiring relational database support (MySQL, PostgreSQL, SQL Server).

33
MCQ · hard

A company has a VPC with an auto-mode network and wants to connect two on-premises data centers to their Google Cloud environment using Cloud VPN tunnels. They need high availability and must use the same VPC network. Which architecture meets these requirements?

A. Create two classic VPN tunnels from the same gateway to each on-premises gateway
B. Use Cloud VPN with dynamic routing and a single tunnel to each site
C. Create two separate HA VPN gateways in the same region, each connected to a different on-premises gateway
D. Create one HA VPN gateway with two interfaces in two different regions, each connected to a separate on-premises VPN device
Answer: D

HA VPN uses two interfaces (one per region) to provide active-active or active-passive failover. This meets HA requirements.

Why this answer

Option D is correct because an HA VPN gateway with two interfaces in two different regions provides region-level redundancy and meets the high-availability requirement. Each interface connects to a separate on-premises VPN device, ensuring that if one region or interface fails, traffic can still flow through the other. This architecture uses the same VPC network (auto-mode) and supports dynamic routing (BGP) for automatic failover.

Exam trap

The trap here is that candidates often assume multiple tunnels or gateways in the same region provide sufficient high availability, overlooking the need for region-level redundancy to protect against regional outages.

How to eliminate wrong answers

Option A is wrong because classic VPN tunnels from the same gateway create a single point of failure; if the gateway or region fails, both tunnels go down, violating high availability. Option B is wrong because a single tunnel to each site provides no redundancy within a site; if the tunnel or its underlying interface fails, connectivity to that site is lost. Option C is wrong because creating two separate HA VPN gateways in the same region still ties both to a single region; a regional outage would take down both gateways, failing the high-availability requirement.

34
MCQ · easy

A developer needs to deploy a containerized web application that experiences unpredictable traffic patterns, including long periods of no traffic. They want to minimize costs and only pay for resources when the application is serving requests. Which Google Cloud compute service is most suitable?

A. Cloud Run
B. Google Kubernetes Engine (GKE) Standard
C. Compute Engine with managed instance groups
D. Cloud Functions
Answer: A

Cloud Run scales to zero and charges per request, ideal for unpredictable traffic.

Why this answer

Cloud Run is a serverless container platform that scales to zero when not in use, charging only for resources during request processing.

35
MCQ · hard

A company uses Cloud SQL for PostgreSQL and wants to reduce costs for a development environment that is only used for 8 hours a day (Monday-Friday). The database is under 100 GB and does not require high availability. Which action is the most cost-effective?

A. Use a smaller machine type and add a read replica
B. Change the activation policy to ON_DEMAND
C. Migrate to Cloud Spanner for better cost efficiency
D. Enable deletion protection and manually stop the instance after hours, start it before hours
Answer: B

ON_DEMAND starts the instance on connection and stops after inactivity, saving costs during off-hours.

Why this answer

Cloud SQL supports activation policies: ALWAYS (runs 24/7) and ON_DEMAND (starts when a connection is made, stops after a period of inactivity). For development environments used only during business hours, ON_DEMAND can significantly reduce costs by stopping the instance when not in use.

36
MCQhard

A company has a VPC in auto mode and wants to create a VPN connection to an on-premises network using HA VPN. The on-premises VPN gateway supports only a single public IP address. Which configuration step is required to establish a functional HA VPN tunnel?

A.Configure the HA VPN gateway with two interfaces and use BGP to load balance traffic
B.Use a Cloud Router with custom route advertisements to the on-premises network
C.Create a Classic VPN tunnel instead of HA VPN
D.Configure the HA VPN gateway with only one interface and disable the second interface
AnswerD

HA VPN supports using a single interface when the peer supports only one IP address. You can create one tunnel for each interface but only enable the one that matches the peer.

Why this answer

HA VPN normally requires two interfaces (two public IPs) for redundancy. If the on-premises gateway supports only one IP, you can configure the Cloud VPN tunnel to use a single interface (interface 0) and disable the second interface. Alternatively, you can create a Classic VPN tunnel, but Classic VPN is not recommended.

The correct approach is to use HA VPN with only one interface enabled.

37
MCQhard

An organization needs to run a batch analytics job daily that processes 500 GB of data stored in Cloud Storage. The job runs for 2 hours each day and can tolerate occasional failures. The team wants to minimize compute costs. Which compute option is most cost-effective?

A.Compute Engine with sole-tenant nodes
B.Compute Engine with preemptible VMs
C.Compute Engine with standard VMs and sustained use discount
D.Compute Engine with committed use discount for 1 year
AnswerB

Preemptible VMs are up to 80% cheaper and ideal for fault-tolerant batch jobs.

Why this answer

Preemptible VMs cost about 60-80% less than regular VMs and are suitable for fault-tolerant, short-lived batch jobs. Committed use discounts require a 1-year commitment and are not suitable if the job runs only 2 hours per day. Sustained use discounts apply automatically but preemptible VMs are cheaper.

Standard VMs are more expensive.

38
MCQmedium

A team needs to deploy a microservice that processes events from Pub/Sub and writes the results to Firestore. The service is stateless and should not incur cost when idle. The expected load is low but can spike unpredictably. Which compute service is the most cost-effective and operationally simple?

A.GKE Standard with a cluster autoscaler and a Pub/Sub sidecar
B.Compute Engine with a managed instance group and autoscaling based on Pub/Sub queue depth
C.Cloud Run for Anthos on-premises
D.Cloud Functions (2nd gen) triggered by Pub/Sub
AnswerD

Cloud Functions is serverless, event-driven, scales to zero, and is cost-effective for intermittent workloads.

Why this answer

Cloud Functions is event-driven, scales automatically, and charges only while code is executing. It can be triggered by Pub/Sub messages, making it ideal for this use case. It scales to zero and handles spikes.

39
MCQhard

An organization wants to migrate its on-premises MySQL database to Google Cloud. The database is 2 TB and used by a critical application with read replicas for reporting. The team needs minimal downtime and the ability to fail back if needed. Which migration approach should they use?

A.Use Database Migration Service (DMS) to migrate to Cloud SQL
B.Lift and shift MySQL on Compute Engine and set up replication manually
C.Export the database to a Cloud Storage bucket and import into Cloud SQL
D.Stream data to BigQuery using Dataflow
AnswerA

DMS provides continuous replication with minimal downtime and supports failback.

Why this answer

Database Migration Service (DMS) supports continuous replication with minimal downtime and can fail back. Cloud SQL import/export requires downtime. BigQuery is for analytics, not transactional DB.

Compute Engine with MySQL is self-managed and more complex.

40
MCQeasy

A developer wants to deploy a containerized web application that receives HTTP requests and can scale to zero when not in use. The application is stateless and has a startup time of less than 2 seconds. Which Google Cloud compute option is the most cost-effective?

A.Compute Engine with managed instance group and autoscaling
B.Google Kubernetes Engine (GKE) Standard
C.App Engine Standard with manual scaling
D.Cloud Run
AnswerD

Cloud Run scales to zero, charges only for resources used during request processing, and is cost-effective for intermittent HTTP workloads.

Why this answer

Cloud Run is a serverless container platform that scales to zero, charges per request, and is ideal for stateless HTTP workloads. It meets the startup time requirement and minimises cost when idle.

41
MCQmedium

A company has a VPC with custom mode and needs to connect to an on-premises network via HA VPN. They have two on-premises VPN devices, each with a static public IP address. What is the correct way to configure the HA VPN gateway on Google Cloud?

A.Create one classic VPN gateway with two tunnels to the two on-premises devices
B.Create one HA VPN gateway with two interfaces in the same region, and create two tunnels, each connecting one cloud interface to one on-premises device
C.Create two separate VPN gateways, each with one interface, and assign each to a different region
D.Create one HA VPN gateway in one region and one classic VPN gateway in another region
AnswerB

This is the correct HA VPN configuration: one gateway, two interfaces, two tunnels to two on-premises devices.

Why this answer

HA VPN requires two external interfaces (cloud VPN gateways) for redundancy. Each interface is assigned a public IP. You configure two tunnels: each tunnel connects one cloud interface to one on-premises device.

The on-premises devices must be configured to accept connections from both cloud IPs.

42
MCQhard

A company is migrating a PostgreSQL database to Cloud SQL. They need high availability with automatic failover and a read replica for reporting queries that must not impact the primary. Which Cloud SQL configuration should they choose?

A.High Availability (HA) configuration with automatic storage increase
B.High Availability (HA) configuration with a read replica
C.Single zone instance with a failover replica
D.Single zone instance with cross-region replication
AnswerB

HA provides automatic failover, and a read replica handles reporting queries without impacting the primary.

Why this answer

Cloud SQL High Availability provides a synchronous standby in a different zone with automatic failover. Adding a read replica offloads reporting queries and does not affect the primary.

43
MCQmedium

An organization has a VPC with instances in two subnets: subnet-a (10.0.1.0/24) and subnet-b (10.0.2.0/24). They want to allow HTTP traffic from any instance in subnet-a to any instance in subnet-b. What firewall rule should be created?

A.An egress rule on subnet-b allowing traffic to 10.0.1.0/24 on TCP port 80
B.An ingress rule on subnet-a allowing traffic to 10.0.2.0/24 on TCP port 80
C.An ingress rule on subnet-b allowing traffic from 10.0.1.0/24 on TCP port 80
D.An egress rule on subnet-a allowing traffic to 10.0.2.0/24 on TCP port 80
AnswerC

Why this answer

Firewall rules are defined with direction and source/target. To allow inbound traffic to subnet-b from subnet-a, an ingress rule with source range 10.0.1.0/24 is needed.

44
MCQmedium

A company needs to store petabytes of time-series IoT sensor data and query it with single-digit millisecond latency at millions of reads per second. The data has a simple key-value structure with timestamps. Which Google Cloud database is MOST appropriate?

A.Cloud Bigtable
B.BigQuery
C.Cloud Spanner
D.Firestore
AnswerA

Bigtable is the correct choice: wide-column NoSQL, designed for time-series and IoT workloads, single-digit ms latency, and scales to millions of QPS with additional nodes.

Why this answer

Cloud Bigtable is designed for exactly this use case — petabyte-scale, low-latency (single-digit ms), high-throughput NoSQL storage for time-series, IoT, and financial data. It scales horizontally by adding nodes. BigQuery is optimised for analytics (seconds-to-minutes latency), Cloud SQL is for OLTP (limited to tens of thousands of QPS), and Firestore is for document data with hierarchical structure.

45
Multi-Selectmedium

A company wants to migrate a monolithic application to run on Google Cloud. The application consists of multiple services that communicate via REST APIs. The company wants to use managed services and minimize operational overhead. Which two compute services should they consider? (Choose two.)

Select 2 answers
A.App Engine
B.Cloud Functions
C.Cloud Run
D.Google Kubernetes Engine (GKE)
E.Compute Engine
AnswersB, C

Why this answer

Cloud Run and Cloud Functions are serverless and managed, minimizing operational overhead. Compute Engine and GKE require more management.

46
Multi-Selecteasy

A company wants to analyze terabytes of structured data using SQL queries. The data is stored in CSV files in Cloud Storage. Which TWO Google Cloud services can be used together to query the data directly without loading it into a database? (Choose 2)

Select 2 answers
A.BigQuery
B.Cloud SQL
C.Dataproc
D.Dataflow
E.Cloud Storage
AnswersA, E

BigQuery can query external data in Cloud Storage directly.

Why this answer

BigQuery can query external data sources using external tables or federated queries, including Cloud Storage. Cloud Storage is the storage location for the CSV files. BigQuery can directly query files in Cloud Storage using an external table or a federated query.

47
MCQeasy

A solutions architect is designing a disaster recovery plan for a Cloud SQL for PostgreSQL instance. The primary instance is in us-central1. They need to automate failover to a different region with a Recovery Point Objective (RPO) of less than 5 seconds. Which configuration should they choose?

A.Use Cloud SQL external replication with a Compute Engine instance
B.Deploy a high-availability (HA) configuration within the same region
C.Enable automatic backups and point-in-time recovery
D.Configure a cross-region read replica in us-west1
AnswerD

Cross-region read replicas provide asynchronous replication with low RPO and can be promoted for failover.

Why this answer

Cloud SQL cross-region replication uses asynchronous replication and typically has an RPO of a few seconds. A read replica in another region can be promoted in a disaster. Backups have higher RPO.

HA within same region does not help for regional disaster. External replication is less managed.

48
Multi-Selecteasy

A company is deploying a web application on Compute Engine and wants to distribute traffic across multiple instances in different zones for high availability. They also need to terminate SSL/TLS at the load balancer. Which TWO services should they use together?

Select 2 answers
A.Managed instance group
B.External HTTP(S) load balancer
C.Cloud CDN
D.Internal TCP/UDP load balancer
E.Cloud NAT
AnswersA, B

MIG provides a group of instances across zones that can serve as a backend to the load balancer.

Why this answer

An external HTTP(S) load balancer provides SSL/TLS termination and distributes traffic across instances in multiple zones. Managed instance groups allow you to manage the instances and autoscale if needed. The load balancer uses the instance group as a backend.

49
MCQhard

A company has a Cloud Storage bucket that stores sensitive files. They want to ensure that objects are automatically deleted after 30 days to comply with data retention policies. Additionally, they need to keep a copy of all object deletions for audit purposes. Which combination of bucket settings should they use?

A.Enable bucket lock and use object holds
B.Enable object versioning and set a retention policy with a retention period of 30 days
C.Enable a lifecycle rule with condition 'Age: 30 days' and action 'Delete'
D.Enable object versioning and add a lifecycle rule with condition 'Age: 30 days' and action 'Delete' for the current version
AnswerD

Versioning retains noncurrent versions when objects are deleted, providing an audit trail. The lifecycle rule deletes current versions after 30 days, and the noncurrent versions remain (or can be deleted later with a separate rule). This combination meets both requirements.

Why this answer

Cloud Storage lifecycle management can automatically delete objects after 30 days using a SetStorageClass or Delete action with an Age condition. Object versioning enables keeping deleted or overwritten versions (noncurrent versions). By combining lifecycle rules to delete noncurrent versions after a period (e.g., 0 days) or simply keeping them, you can audit deletions.

However, the question says 'keep a copy of all object deletions for audit purposes' – versioning retains noncurrent versions when objects are deleted or overwritten. Lifecycle rules can be set to expire the noncurrent versions after a longer period, but for audit purposes, you would keep them indefinitely or for a long period. The simplest is to enable versioning and set a lifecycle rule to delete objects after 30 days; deleted objects become noncurrent versions and are retained until a lifecycle rule removes them.

To keep a copy, you might not delete noncurrent versions. The correct answer: enable versioning and add a lifecycle rule with condition Age:30 and action Delete for current objects. Noncurrent versions will remain unless a separate rule deletes them.

For audit, you may also set a rule to delete noncurrent versions after a longer period, but the question asks for 'which combination' – the combination that achieves both requirements is versioning + lifecycle rule to delete current objects after 30 days. The deleted objects become noncurrent versions, which are retained (so audit copy is kept). If they need to keep the deletion records forever, they should not delete noncurrent versions.

Among the options, the one that combines versioning with a lifecycle rule that deletes objects after 30 days is correct, and that is Option D. Option B enables object versioning but includes no lifecycle rule to delete objects.

Option A uses bucket lock, which is not for automatic deletion. Option C is a lifecycle rule to delete objects after 30 days without versioning, so once an object is deleted there is no version history. So D is best.

50
MCQeasy

A startup wants to run a small, event-driven application that processes files uploaded to Cloud Storage. The function should be triggered by object finalize events and should have a maximum execution time of 10 minutes. Which compute option is most cost-effective and easy to manage?

A.Compute Engine with a startup script
B.App Engine Standard
C.Cloud Run jobs
D.Cloud Functions (Gen 2)
AnswerD

Gen 2 Cloud Functions supports event triggers from Cloud Storage and has a maximum timeout of 60 minutes, fitting the 10-minute requirement. It is serverless and cost-effective.

Why this answer

Cloud Functions (Gen 2) can be triggered by Cloud Storage events and supports longer timeouts (up to 60 minutes). It is serverless and cost-effective for event-driven workloads. Cloud Run also works but requires running a container; Cloud Functions is simpler for single-purpose functions.

51
MCQeasy

A team is building a mobile app backend that requires real-time data synchronization across devices and offline support. The data model is simple and document-based. Which database service should they use?

A.Cloud Bigtable
B.BigQuery
C.Cloud SQL
D.Firestore
AnswerD

Firestore is optimized for mobile apps with real-time listeners, offline data persistence, and automatic multi-device synchronization.

Why this answer

Firestore is a NoSQL document database that provides real-time synchronization, offline support, and is designed for mobile and web apps. It integrates with Firebase SDKs.

52
MCQhard

A company has a GKE Autopilot cluster and wants to run a stateful application that requires persistent volumes with high read/write throughput. The application is deployed in a single region and does not require multi-region redundancy. Which storage option is the best choice for the persistent volumes?

A.Cloud Filestore (NFS)
B.Compute Engine persistent disks (SSD) using StorageClass 'pd-ssd'
C.Bigtable
D.Cloud Storage FUSE
AnswerB

Persistent disks are the native block storage for GKE and provide high throughput and low latency for stateful workloads.

Why this answer

GKE Autopilot supports persistent volumes via Compute Engine persistent disks (PD) or Cloud Filestore. For high throughput, regional persistent disks (pd-balanced or pd-ssd) offer excellent performance. Cloud Storage is not a persistent volume.

Filestore is file storage but is more expensive and adds network latency. Persistent disks are native and provide the best performance for stateful applications.

53
MCQmedium

A company needs to run a MongoDB database on Compute Engine. The database requires high-throughput, low-latency storage that can survive VM failures. Which disk type and configuration is most appropriate?

A.SSD persistent disks with snapshots
B.Standard persistent disks with snapshots
C.Extreme persistent disks with snapshots
D.Local SSDs
AnswerA

SSD pd provides high performance, and snapshots help recover data after VM failure.

Why this answer

SSD persistent disks (pd-ssd) provide high IOPS and low latency for databases. For survival of VM failures, the disk should be set to non-deletable or use snapshots. Regional persistent disks replicate data across zones for higher availability, but the question asks for survival of VM failures, which can be achieved with zonal disks if the VM is recreated and the disk is detached.

However, regional persistent disks are better for durability across zone failures. The best answer is pd-ssd with snapshots for backup.

54
MCQhard

An organization needs to deploy a microservices application on Google Kubernetes Engine. Each microservice has different resource requirements, and the team wants to optimize costs by using a mix of spot (preemptible) and regular nodes. They also need to ensure that critical services run on regular nodes. Which GKE feature allows this separation?

A.Use resource quotas to limit namespace resource usage
B.Use separate clusters for critical and non-critical services
C.Use node pools with taints and tolerations on the pods
D.Use vertical pod autoscaling
AnswerC

Node pools allow different node types (preemptible vs regular). Taints on the spot node pool prevent critical pods from being scheduled there unless they have the corresponding toleration.

Why this answer

Node pools in GKE allow you to have groups of nodes with different configurations (e.g., machine type, preemptible vs on-demand). You can then use node affinity or taints/tolerations to schedule pods onto the appropriate node pool.

55
Multi-Selecthard

An organization wants to migrate a 5 TB on-premises MongoDB database to Google Cloud. They need to minimize latency for write operations and support global users with strong consistency. Which three services or tools should they consider for this migration? (Choose 3)

Select 3 answers
A.Database Migration Service
B.Cloud Bigtable
C.Transfer Appliance
D.MongoDB Atlas on Google Cloud
E.Cloud Spanner
AnswersC, D, E

For transferring 5 TB of data, Transfer Appliance can be used to physically ship data.

Why this answer

MongoDB Atlas is available on Google Cloud and provides global distribution with strong consistency. Database Migration Service does not support MongoDB natively. Bigtable is not compatible.

Cloud Spanner is globally distributed and strongly consistent. Transfer Appliance is for large data transfers. BigQuery is not suitable.

56
MCQeasy

An organization wants to run a stateless HTTP-based containerized application that scales to zero when not in use and charges only for request processing time. They do not want to manage any underlying infrastructure. Which compute option should they choose?

A.Compute Engine with managed instance group
B.Cloud Run
C.Cloud Functions
D.Google Kubernetes Engine (GKE) Standard
AnswerB

Cloud Run is serverless, scales to zero, and charges per request. Perfect for stateless HTTP containers.

Why this answer

Cloud Run is a fully managed serverless platform for containers. It scales to zero automatically when no requests are coming in, and you pay only for the resources used during request processing. It is ideal for stateless HTTP-triggered workloads.

57
Multi-Selectmedium

A company plans to deploy a containerized application on GKE Autopilot. They want to ensure high availability by running multiple replicas across different zones. They also need to expose the application via a load balancer with SSL termination. Which THREE resources should they create?

Select 3 answers
A.Service
B.StatefulSet
C.Ingress
D.ConfigMap
E.Deployment
AnswersA, C, E

A Service (e.g., ClusterIP or NodePort) provides stable networking to the pods.

Why this answer

In GKE, a Deployment manages replica pods, a Service of type LoadBalancer provisions a load balancer (with SSL termination if configured), and the Ingress resource can also provide SSL termination and routing. The question says 'load balancer with SSL termination' – a Service of type LoadBalancer creates a TCP/UDP load balancer which does not natively terminate SSL. For HTTP/S traffic with SSL termination, they need an Ingress resource (which creates an HTTP(S) load balancer).

Alternatively, they could use a Service of type NodePort with a separate ingress. The typical pattern for SSL termination in GKE is to use an Ingress. The three resources: Deployment (for replicas), Service (to expose pods internally or via load balancer), and Ingress (for SSL termination and external access).

Some might say a Service of type LoadBalancer can also terminate SSL if using the GKE Ingress for Anthos, but the standard approach is Ingress. The question is multi-select, so three correct options are needed: Deployment, Service (ClusterIP or NodePort), and Ingress.

Option E (Deployment) is correct. Option B (StatefulSet) is not needed. Option A (Service) is correct.

Option C (Ingress) is correct. Option D (ConfigMap) is optional.

So A, C, E.

58
Multi-Selecthard

An organization needs to run a batch analytics job on BigQuery every night that processes terabytes of data. The job is critical and must complete within a specific time window. To optimize costs, they are considering using flat-rate pricing but want to minimize commitment risk. Which THREE factors should they evaluate?

Select 3 answers
A.The number of Cloud Storage buckets used for data staging
B.The cost of on-demand query pricing for the same workload
C.The cost of reserving dedicated hardware for Compute Engine
D.The number of slots needed to complete the job within the required time window
E.The availability of flex slots for short-term capacity needs
AnswersB, D, E

Compare flat-rate pricing to on-demand to determine if flat-rate is cheaper.

Why this answer

Option B is correct because comparing the cost of on-demand query pricing for the same workload provides a baseline to evaluate whether flat-rate pricing is more economical. Flat-rate pricing is cost-effective for predictable, high-volume workloads, but without understanding the on-demand cost, the organization cannot assess potential savings or commitment risk.

Exam trap

Cisco often tests the misconception that storage infrastructure (like Cloud Storage buckets) or unrelated compute services (like Compute Engine) influence BigQuery pricing decisions, when in fact the focus should be on slot allocation and cost comparison with on-demand pricing.

59
MCQeasy

A company wants to store event logs from multiple applications in a centralized location for future analysis. The logs are written frequently (thousands per second) and need to be retained for 90 days. The data is write-once, read-rarely. Which storage class and lifecycle rule combination is most cost-effective?

A.Set default storage class to Archive and use lifecycle rule to delete after 90 days
B.Set default storage class to Standard and use lifecycle rule to delete after 90 days
C.Set default storage class to Coldline and use lifecycle rule to delete after 90 days
D.Set default storage class to Nearline and use lifecycle rule to delete after 90 days
AnswerC

Coldline is designed for data accessed less than once per 90 days, with lower storage cost. Deleting after 90 days aligns with the retention period.

Why this answer

For write-once, read-rarely data, Coldline storage class is cost-effective for data accessed less than once per 90 days. Set a lifecycle rule to delete objects after 90 days. Alternatively, use Standard for the first 30 days then move to Coldline, but the question asks for a combination.

The simplest is to set the default storage class to Coldline and a lifecycle rule to delete at 90 days.

60
MCQhard

A company wants to migrate an on-premises PostgreSQL database to Google Cloud. They need a managed database service with high availability and automatic failover. The application uses many stored procedures and extensions specific to PostgreSQL. Which service should they choose?

A.Cloud Spanner
B.Bare Metal Solution
C.Cloud SQL for PostgreSQL
D.Firestore
AnswerC

Why this answer

Cloud SQL for PostgreSQL supports many PostgreSQL extensions and stored procedures. Cloud Spanner is not PostgreSQL-compatible; Firestore is NoSQL; Bare Metal Solution is for on-premises-like deployments, not managed.

61
Multi-Selecteasy

A developer wants to deploy a new application on Google Cloud. The application consists of a frontend service that serves web traffic and a backend service that processes images. Both services need to be containerized. Which two compute options are serverless and support container deployment? (Choose 2)

Select 2 answers
A.Google Kubernetes Engine (GKE)
B.Cloud Functions (2nd gen)
C.Cloud Run
D.Compute Engine
E.Cloud Functions (1st gen)
AnswersB, C

Cloud Functions (2nd gen) supports container images.

Why this answer

Cloud Run and Cloud Functions (2nd gen) both support container images and are serverless (no server management, scale automatically). GKE and Compute Engine are not serverless. Cloud Functions (1st gen) does not support containers.

62
MCQmedium

A company wants to migrate an on-premises PostgreSQL database to Google Cloud. They require automated backups, point-in-time recovery, and a 99.95% availability SLA. Which service should they choose?

A.Compute Engine with self-managed PostgreSQL
B.Cloud SQL for PostgreSQL
C.Cloud SQL for MySQL
D.Cloud Spanner
AnswerB

Cloud SQL for PostgreSQL offers all required features: managed backups, PITR, and a 99.95% SLA.

Why this answer

Cloud SQL for PostgreSQL provides automated backups, point-in-time recovery (PITR), and a 99.95% SLA for single-zone instances. It is fully managed, reducing operational overhead.

63
MCQmedium

A company plans to run a stateful application on Compute Engine that requires high random I/O performance and the ability to resize the persistent disk without downtime. The application is running on a Linux VM. Which persistent disk type and configuration should the engineer choose?

A.Extreme persistent disk (pd-extreme)
B.Balanced persistent disk (pd-balanced)
C.SSD persistent disk (pd-ssd)
D.Standard persistent disk (pd-standard)
AnswerA

Extreme disks provide the highest IOPS and support live resizing without downtime.

Why this answer

Extreme persistent disks are designed for high random I/O workloads, offering up to 120,000 IOPS and the ability to resize without downtime. They are SSD-based and suitable for databases.

64
MCQeasy

A data analyst needs to run complex analytical queries on a large dataset (10 TB) stored in Cloud Storage. They want to use a serverless query engine that charges based on the amount of data processed. Which Google Cloud service should they use?

A.Cloud SQL
B.BigQuery
C.Bigtable
D.Dataproc
AnswerB

BigQuery is serverless and ideal for analytical queries on large datasets with pay-per-query pricing.

Why this answer

BigQuery is a serverless data warehouse that charges based on queries processed (on-demand) or flat-rate. It can query external data in Cloud Storage via federated queries.

65
MCQhard

A team is using BigQuery for analytics. They have a constant query workload and want to reduce costs by switching from on-demand pricing to a flat-rate reservation. They have purchased a BigQuery flat-rate reservation. What additional step is required to use the reservation?

A.Enable flat-rate billing in the BigQuery settings
B.Assign the reservation to the desired projects using an assignment
C.No additional steps; flat-rate is automatically applied to all queries
D.Create a new dataset and move all tables into it
AnswerB

Why this answer

The reservation must be assigned to a project, folder, or organization via a reservation assignment. Without assignment, the reservation is not used, and queries continue to be billed on-demand.

66
MCQeasy

An engineer needs to deploy a containerized web application that receives HTTP requests and should scale to zero when not in use. The application is stateless and has a lightweight container image. Which Google Cloud compute service should be used?

A.Compute Engine with a single VM
B.Cloud Functions
C.Cloud Run
D.Google Kubernetes Engine (GKE) Standard cluster
AnswerC

Cloud Run scales to zero and is purpose-built for stateless HTTP containers.

Why this answer

Cloud Run is a fully managed serverless platform that scales to zero when no requests are coming in, and bills per request. It is ideal for stateless HTTP-triggered container workloads.

67
MCQeasy

An engineer is tasked with creating a new VPC network for a production environment. The company requires the VPC to support multiple regions and allow custom IP address ranges for each subnet. Which VPC network mode should the engineer use?

A.Shared VPC
B.Custom mode VPC
C.Auto mode VPC
D.Legacy mode VPC
AnswerB

Custom mode allows you to define subnets with custom IP CIDR ranges per region, giving full control.

Why this answer

Custom mode VPC allows full control over subnets, including custom IP ranges per region. Auto mode creates subnets in each region with predefined IP ranges, which may not meet production requirements. Shared VPC is for sharing across projects, not for a single project's network.

68
MCQmedium

A company runs a batch job every night that processes data from a Cloud Storage bucket and writes results to BigQuery. The job runs on a Compute Engine VM. To minimize costs, what is the best practice for the VM?

A.Use a VM with GPUs for faster processing
B.Use a VM with local SSD for temporary storage
C.Use a standard VM and commit to a 1-year commitment
D.Use a preemptible VM
AnswerD

Why this answer

Preemptible VMs are up to 80% cheaper and can be terminated at any time, which is acceptable for batch jobs that can be checkpointed or restarted from the beginning.

69
MCQmedium

A company needs to connect their on-premises data center to Google Cloud via a dedicated, high-bandwidth connection with low latency. They anticipate consistent high traffic. Which connectivity option should they use?

A.Carrier Peering
B.Cloud VPN
C.VPC peering
D.Dedicated Interconnect
AnswerD

Why this answer

Dedicated Interconnect provides direct physical connections between on-premises and Google Cloud, offering high bandwidth and low latency. Cloud VPN is over the internet; Carrier Peering is for enterprise customers; VPC peering is for connecting VPCs within Google Cloud.

70
MCQhard

A company wants to use Google Cloud Pricing Calculator to estimate the monthly cost of running a Compute Engine instance for a web server. They plan to use a n2-standard-4 machine with a 100 GB SSD persistent disk and commit to a 1-year term. Which discount type should they include in the estimate?

A.No discount is needed; the price shown is final
B.Committed use discount (1 year)
C.Free tier discount
D.Sustained use discount only
AnswerB

Committed use discounts provide the best savings for a 1-year commitment. They should be selected in the calculator.

Why this answer

Committed use discounts (CUDs) offer significant savings (up to 57% for machine types) in exchange for committing to 1 or 3 years. Sustained use discounts apply automatically to instances that run for more than 25% of the month, but CUDs are additional and can be combined. For a 1-year commitment, the estimate should include the CUD for the machine type.

71
Multi-Selecthard

A company has a Compute Engine VM instance that needs to access a Cloud Storage bucket. The VM uses a service account with the Storage Object Admin role. However, the VM is unable to upload objects. Which two possible causes should be investigated? (Choose two.)

Select 3 answers
A.The VM's service account does not have the required IAM permission on the bucket
B.A firewall rule is blocking outbound HTTPS traffic
C.The bucket's IAM policy does not include the service account
D.The VM does not have the correct access scopes configured
E.The VM is not in the same region as the bucket
AnswersA, C, D

Why this answer

The service account must have the proper IAM role and the bucket must have appropriate IAM or ACL permissions. The VM's scopes also need to allow Cloud Storage access. VPC firewall rules do not affect API calls to Cloud Storage (over HTTPS).

72
MCQhard

A company uses Cloud SQL for MySQL to host a database. The database must be accessible from a Compute Engine VM in the same region but in a different VPC network (VPC-A). The company does not want to use public IP addresses or VPN. What should the engineer do to enable connectivity?

A.Export the Cloud SQL instance as a dump and recreate it in VPC-A
B.Set up VPC Network Peering between VPC-A and the VPC where Cloud SQL is deployed, and configure Cloud SQL with a private IP
C.Configure the Cloud SQL instance with a public IP and allow the VM's IP in authorized networks
D.Use Cloud VPN to connect VPC-A to the VPC where Cloud SQL is deployed
AnswerB

VPC Network Peering allows connectivity without VPN, and private IP ensures no public exposure.

Why this answer

Cloud SQL private services access requires the Cloud SQL instance to be in a VPC network. For connectivity across VPCs, VPC Network Peering can be used, as both VPCs are in the same project or across projects. Private services access connects Cloud SQL to a VPC, and peering allows another VPC to access it.

73
MCQmedium

An organisation requires a managed relational database for an online transaction processing (OLTP) application with strong consistency, automated backups, and a 99.95% SLA. The database size is expected to be under 10 TB. Which service meets these requirements at the lowest cost?

A.Bare Metal Solution
B.Cloud Bigtable
C.Cloud SQL
D.Cloud Spanner
AnswerC

Cloud SQL is a managed relational database service with automated backups, strong consistency, and a 99.95% SLA at a reasonable cost for databases under 10 TB.

Why this answer

Cloud SQL provides managed MySQL/PostgreSQL/SQL Server with automated backups, strong consistency, and a 99.95% SLA for zonal deployments. It is cost-effective for databases under 10 TB. Cloud Spanner is more expensive and suited for global scale.

74
MCQmedium

A company needs to store and serve user-generated content such as images and videos. The data must be accessible globally with low latency. Which Google Cloud storage service should they use?

A.Persistent Disk
B.Cloud Filestore
C.Cloud Storage
D.Local SSD
AnswerC

Cloud Storage is the correct choice for storing and serving user-generated content globally.

Why this answer

Cloud Storage is object storage designed for global accessibility, with low-latency access and multiple storage classes. It supports serving content via CDN integration.

75
MCQmedium

A development team needs to create a Cloud Storage bucket that will store sensitive financial data. The bucket must be encrypted with a customer-managed encryption key (CMEK) and must have versioning enabled. Which command correctly creates this bucket?

A.gcloud storage buckets create gs://my-bucket --location=us-central1 --encryption-key=projects/my-project/locations/us-central1/keyRings/my-ring/cryptoKeys/my-key --versioning
B.gsutil mb -c regional -l us-central1 gs://my-bucket
C.gsutil mb -c regional -l us-central1 --cmek=projects/my-project/locations/us-central1/keyRings/my-ring/cryptoKeys/my-key gs://my-bucket
D.gcloud beta storage buckets create gs://my-bucket --cmek=projects/my-project/locations/us-central1/keyRings/my-ring/cryptoKeys/my-key --enable-versioning
AnswerA

This command correctly creates a bucket with CMEK and versioning enabled.

Why this answer

The gcloud storage buckets create command with --encryption-key specifies a CMEK key. The --versioning flag enables versioning. The --default-storage-class flag sets the storage class but is not required for encryption.
